Bug 255552 - security/vuxml: Document command injection vulnerability in RDoc
Summary: security/vuxml: Document command injection vulnerability in RDoc
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Koichiro Iwao
URL:
Keywords:
Depends on:
Blocks: 255553
  Show dependency treegraph
 
Reported: 2021-05-02 20:07 UTC by Yasuhiro Kimura
Modified: 2021-05-03 14:14 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Patch file (1.93 KB, patch)
2021-05-02 20:07 UTC, Yasuhiro Kimura 		no flags Details | Diff
Updated patch file (1.95 KB, patch)
2021-05-03 11:47 UTC, Yasuhiro Kimura 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-02 20:07:20 UTC 
Created attachment 224615 [details]
Patch file

Document command injection vulnerability in RDoc.
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-03 11:47:40 UTC 
Created attachment 224628 [details]
Updated patch file

Chase update of ports tree.
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-05-03 14:04:55 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4689236288cc83f50bf133cd253dcc58ce61ad54

commit 4689236288cc83f50bf133cd253dcc58ce61ad54
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2021-05-03 13:59:52 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2021-05-03 13:59:52 +0000

    security/vuxml: Document command injection vulnerability in RDoc

    PR:             255552
    Reported by:    Yasuhiro Kimura <yasu@utahime.org>
    Security:       CVE-2021-31799

 security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 Koichiro Iwao freebsd_committer freebsd_triage 2021-05-03 14:14:42 UTC 
Committed, thanks!